Out-of-Bounds Write Vulnerability in Ivanti EPM Software
CVE-2024-13168
7.5HIGH
Summary
A vulnerability exists in Ivanti Endpoint Manager (EPM) that permits a remote unauthenticated attacker to exploit an out-of-bounds write condition. This flaw enables the attacker to disrupt service availability, potentially leading to a denial of service. Affected versions include Ivanti EPM prior to the January 2025 Security Update and Ivanti EPM 2022 SU6, also before the January 2025 update. System administrators are advised to apply the latest security updates to mitigate risks.
Affected Version(s)
Endpoint Manager 2024 January-2025 Security Update
Endpoint Manager 2024 January-2025 Security Update
Endpoint Manager 2022 SU6 January-2025 Security Update
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published